You are here

public function ManageFieldsFunctionalTest::testExternalDestinations in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/field_ui/tests/src/Functional/ManageFieldsFunctionalTest.php \Drupal\Tests\field_ui\Functional\ManageFieldsFunctionalTest::testExternalDestinations()
  2. 10 core/modules/field_ui/tests/src/Functional/ManageFieldsFunctionalTest.php \Drupal\Tests\field_ui\Functional\ManageFieldsFunctionalTest::testExternalDestinations()

Tests that external URLs in the 'destinations' query parameter are blocked.

File

core/modules/field_ui/tests/src/Functional/ManageFieldsFunctionalTest.php, line 744

Class

ManageFieldsFunctionalTest
Tests the Field UI "Manage fields" screen.

Namespace

Drupal\Tests\field_ui\Functional

Code

public function testExternalDestinations() {
  $options = [
    'query' => [
      'destinations' => [
        'http://example.com',
      ],
    ],
  ];
  $this
    ->drupalGet('admin/structure/types/manage/article/fields/node.article.body/storage', $options);
  $this
    ->submitForm([], 'Save field settings');

  // The external redirect should not fire.
  $this
    ->assertSession()
    ->addressEquals('admin/structure/types/manage/article/fields/node.article.body/storage?destinations%5B0%5D=http%3A//example.com');
  $this
    ->assertSession()
    ->statusCodeEquals(200);
  $this
    ->assertSession()
    ->responseContains('Attempt to update field <em class="placeholder">Body</em> failed: <em class="placeholder">The internal path component &#039;http://example.com&#039; is external. You are not allowed to specify an external URL together with internal:/.</em>.');
}